In early gaming environments, gaming machines were stand-alone devices. Security of the gaming machines was accomplished via physical locks, security protocols, security personnel, physical and video monitoring, and the need to be physically present at a machine to attempt to breach the security of the gaming machine. By the same token, management of the gaming machines required a great deal of personal physical interaction with each gaming machine. The ability to change parameters of the gaming machine also required physical interaction.
In view of the increased processing power and availability of computing devices, gaming machines have become customizable via electronic communications and remotely controllable. Manufacturers of gaming equipment have taken advantage of the increased functionality of gaming machines by adding additional devices and features to gaming machines, thereby maintaining a player's attention to the gaming machines for longer periods of time increasing minimum bet and bet frequency and speed of play. This, in turn, leads to the player wagering at the gaming machine for longer periods of time, with more money at a faster pace, thereby increasing owner profits.
One technique that has been employed to maintain a player's attention at the gaming machine has been to provide players with access to gambling-related information. In this regard, attaching a small electronic display to the gaming device, gambling-related information, as well as news and advertisements can be sent to the player. The gambling-related information may include, for example, information on sports betting and betting options for those sporting events. Additionally, the gambling-related information may also include information such as horse racing and off-track betting. News and advertisements can also maintain a player's attention by providing the player with access to information ranging from show times, to restaurant and hotel specials, and to world events, thus reducing the need and/or desire of the player to leave the gaming machine.
Moreover, it has been shown to be desirable to provide the player with interactive access to the above information. This type of interactivity allows players significantly more flexibility to make use of the above-described information. The gambling-related information can also be utilized by the player in a much more efficient manner. In this regard, greater levels of flexibility and access are likely to make the player remain and gamble at the gaming machine for significantly longer periods of time.
In addition, the player may participate in a “premium” promotion where the player is registered with the gaming establishment as a club member when the player inserts an ID card into the gaming machines during play. The player may be rewarded for certain play patterns (e.g., wager amounts, wager totals, payouts, time of play, or the like) and earn redeemable benefits or an upgrade of club member status.
Attempts to distribute gambling-related information and advertisements to players and to allow the recognition of premium membership players have resulted in additional system components that may be attached to the gaming devices. These components for accessing and displaying information for gaming machines may include a keypad, card reader, and display equipment.
The amount of interactivity and data presentation/collection possible with current processor based gaming machines has led to a desire to connect gaming machines in a gaming network. In addition to the gaming machines themselves, a number of devices associated with a gaming machine or with a group of gaming machines may be part of the network. It has become important for the devices within a gaming machine or cabinet to be aware of each other and to be able to communicate to a control server. Not only is the presence or absence of a network device important, but also the physical location of the device and the ability to associate devices within a particular gaming machine has become a necessary component of a gaming network.
Current networks for gaming machines have been primarily one-way in communication, have been slow, and have been proprietary (custom designed and incompatible with commercial networking equipment). Prior art networks provided accounting, security, and player-related data reporting from the gaming machine to a backend server. Secondary auditing procedures allowed regulators and managers to double check network reporting, providing a method of detecting malfeasance and network attacks. However, such security is remote in time from when a network attack has occurred. Prior art networks lack many security features needed for more rapid detection of cheating from a variety of possible attackers.
Although prior art networks of gaming machines provide advantages to gaming establishment operators, they also engender new risks to security of the gaming establishment and to the gaming machines. Not only is traditional data associated with gaming machines now potentially at risk on the gaming network, but personal player information is now at risk, as well.
In addition, the proprietary nature of prior art gaming machine networks limits the ability to use commercially available technology. This adds to the cost of gaming networks and limits their scalability and the ability to upgrade as technology improves. Further, as gaming machines are grouped in networks, the value of the pooled financial data traversing the network creates a great temptation to attack the network. The potential reward from attacking a network of gaming machines is greater than the reward from attacking a single machine.
Attempts to illicitly obtain access to the gaming network are referred to as network attacks. These attacks can be driven by different motivations and are characterized by the type of attack involved. In addition, attackers can be either insiders (gaming establishment employees, regulators, security personnel) or outsiders. FIG. 7 illustrates possible attacks on a network. The gaming network 701 may be attacked by an insider 703. Insiders include casino employees, regulators, game manufacturers, game designers, network administrators, and the like. Outsiders 704 might also attack the network 701. Outsiders may include hackers with an IP connection attacking the network and/or devices (including games) on the network. The network may be attacked via a bridge 702 to the Internet. Examples of attacks are described below. In many cases, an attacker may attempt to populate the network with one or more devices that are not valid members of the network. The presence of such devices on the network may provide information to an attacker that can be used in attacks on the network. The devices might also themselves serve as a point of attack on the network. For example, an attacker could place a bill collector on the network that would allow the user to effectively play for free by providing false coin-in information. Other false devices could be added to the network, leading to security risks.
Attack Motivation
Typical motivations for attack on a gaming network include the desire to steal money or to embarrass or blackmail an entity. For example, an attacker may attempt to steal money from the gaming establishment, from a patron or player, or from a regulatory or other political body (e.g., a state that taxes gaming revenue). The attempt to steal may involve attempts to artificially manipulate wagers or payouts to the attacker's benefit. An attacker may also attempt to obtain credit or other personal information from the network that can be used to illicitly obtain money. Other attackers (typically insiders) may wish to manipulate accounting data to defraud government agencies by underreporting taxable revenue. An attacker may attempt to collect gaming habit or other sensitive information regarding a patron as a blackmail threat, or the attacker may attempt to embarrass or blackmail the gaming establishment, the gaming machine manufacturer, a regulating agency, or a political organization by showing the vulnerability of the network to attack. Instead of taking money directly, an attacker may attempt to manipulate a network so that a gaming establishment loses money to players.
Attack Types
Attackers may attempt one or more direct attacks against the network, attacks against hosts, physical attacks, or other types of attacks. Attacks against the network may include attempts to obtain plaintext network traffic, forging network traffic, attaching fraudulent devices to the network, and denying network services.
Consequently, there are a number of methods of attack to obtain plaintext traffic. An attacker may eavesdrop (e.g., electronically) on unprotected traffic. The plaintext messages may be openly accessed or inferred via message and traffic analysis. Eavesdropping may be accomplished by illicitly controlling a device that is a legitimate part of the network or by re-routing network traffic to the attacker's own device.
Furthermore, if the attacker has access to the network and can mimic network protocols, the attacker may forge network traffic so that malicious messages are routed as legitimate messages. Such malicious messages can affect game play, send false financial transactions, reconfigure network administration, and/or disable security features to permit other forms of attack, or to hide current attacks. This type of attack may also include repeating legitimate messages for malicious purposes, such as repeating a password message to gain access to the privileges associated with that password, playing back a cash withdrawal request, a winning game play message, or a jackpot won event.
Still further, “denial of service” attacks are a notorious method of attacking a network or server. Such attacks often consist of flooding the network with bogus messages, therefore blocking, delaying, or redirecting traffic. The saturation of the network at the devices, servers, IP ports, or the like, can prevent normal operation of the network, especially for those network services that are time sensitive.
Moreover, an attacker may also use the network to attack a host or to attack the host directly via a local console. This is accomplished by attacking vulnerable, exposed, and/or unprotected IP ports, or via a “worm” transmitted via email, for example. In this way, malicious code can be introduced into the network to open the door for later attacks and to mask this and other attacks.
In addition, physical attacks on the network devices may also be a goal of an attacker. The devices, hosts, servers, and consoles should all have physical protection and security to prevent access by outsiders or by unauthorized insiders. Devices requiring such protection may include game machines, network cables, routers, switches, game servers, accounting servers, and network security components including firewalls and intrusion detection systems.
Other attacks may include attacks on the encryption/certification system. An attacker may attempt to compromise or to obtain the private key (e.g., of an operator or a manufacturer) of a public key infrastructure. Alternatively, the attacker may compromise the certifying authority of the network owner. Other schemes may include reinstalling older, but legitimate versions of software (recognized by the system as legitimate), the older version not being updated for corrected security flaws. Bridging a secure network to another network may also be attempted.
In some cases, the regulatory jurisdiction may have its own encryption key. This may be another type of inside attack that may be made. Someone in the regulatory jurisdiction may attempt to move or spoof data on the network for one or more of the purposes described above.
A gaming network may have a large number of dynamically changing and reconfigurable components. Because of the desire to keep down-time to a minimum, it is important that the population of devices on the network be determinable and verifiable. In the past, this has meant pre-programming knowledge of all other devices into each device, so that communication between devices could take place. Such a requirement of pre-programming or pre-knowledge is too time consuming to be practical in a gaming network environment.
Accordingly, a gaming network requires robust protection against attacks from insiders and outsiders using a variety of attack methods.